A biological entity may be registered with a digital identifier, i.e., an account may be created, such that the entity may be recognized by and interact with a system. The digital identifier may function as a proxy for the entity with regard to actions, events, data stored, and/or outcomes realized etc. in relation to the system, and any other systems with which the system interacts.
During a typical identification and authentication process, a biological entity may communicate identity data elements to the system. The biological entity may communicate by entering data on an interface such as a keyboard, by submitting biometric data through a sensor, camera, or fingerprint reader, and/or by transmitting information through visual, acoustic, and/or radio frequency identification. The system may receive the identity data elements and compare them with identity profile data (e.g., the collection and combination of static identity data elements the system uses to identify a biological entity, such as an employee ID, an account username and password combination, a PIN code, and/or stored biometric data such as a fingerprint, iris scan, or heartbeat signature) that is stored in or accessible to the system. If the identity data elements sufficiently match the compared identity profile data, the biological entity may be authorized to use or interact with the system.
In addition, tangible objects such as keys (door, vehicle, safe, etc.), debit and credit cards, loyalty cards, driver licenses, and passports, as well as intangible digital identity profile data, such as the collection and combination of identity profiles on one or more interconnected or isolated systems connected to a biological entity device, system, or service user account identifiers such as usernames and passwords, may each be used as identity tokens or proxies which are meant to represent, validate, and authorize a biological entity (living being) to access, operate, transact, or participate with the system.
These typical identification and authorization processes have several problems. For example, the submission and transmission of identity element data may not be cryptographically secured or generated. Because of this, the data may be captured during entry (e.g., via key loggers on keyboards, cameras capturing PIN codes or biometric data such as iris patterns or fingerprints, etc.) and/or during transport over insecure or compromised transmission channels (e.g., man-in-the-middle attacks on SSL certificates). Because identity element data is insecure, impersonation may be achieved by submitting maliciously obtained identity element data to a targeted system.
Further, identity profile data that is stored in a compromised system may expose the biological entity to identity theft on multiple unrelated systems where the only common link may be the biological entity's identity profile data. For example, since the same identity data elements such as biometrics and user account details (e.g. usernames and passwords) may be used across multiple separate systems, a malicious actor may derive static identity data elements such as usernames, passwords, or biometric data from an identity profile that is stored or accessible within a compromised system, and emulate or present those same identity data elements to any number of other uncompromised systems that share the same identity data. Further, some biometric identity data elements, such as, e.g., fingerprints, are difficult or impossible to change, which compounds the risk associated with identity theft from a compromised system or service.
In some advanced digital identity systems, a two-factor authentication system may be implemented to address some of the concerns of unsecured transmission of identity data. In advanced digital identity systems, the biological entity may be associated with static identity data such as a PIN code. The biological entity may also have a physical device that provides additional cryptographically secure identity data such as, e.g., a set of pseudo-random temporary passcodes that are time-synced with a third party server and/or that generate one-time passwords that are cryptographically checked for authenticity. However, these advanced digital identity systems may still be lost, stolen, or intercepted, since they continue to establish, manage, and maintain the identity profile of the biological entity on a separate physical device, and these systems only implement a minimal improvement in security of the identity and authentication process.
Other identity systems may incorporate biometric identification technologies such as, e.g., bone, vein, fingerprint or iris scanning. However, these technologies present unique security challenges. For example, people leave fingerprints and DNA everywhere, which may be stolen and sampled by malicious actors. Further, high-resolution cameras used today in smartphones and security CCTV systems may capture enough image data to create full three-dimensional representations of a person's face and body, capture fingerprints and iris patterns, and may analyze numerous other aspects of a person's biology and behavior in great enough detail to enable replication and emulation of those biological identity elements either digitally or via analog methods such as 2D and/or 3D printing techniques. These other identity systems may also store identity profile data internally and merely compare identity data submitted against an internally stored or accessible identity profile, which is vulnerable to derivation or substitution on compromised systems.
Accordingly, and at least in view of each of the above-identified problems with identification and authentication processes, there exists a need for a device and/or system that permits a biological entity to rapidly, conveniently, and securely communicate information to systems.